Anti-vulnerability system, method, and computer program product
First Claim
1. A non-transitory computer-readable media storing instructions that, when executed by one or more processors, cause the one or more processors to:
receive first information associated with a plurality of actual vulnerabilities, the first information being based on second information associated with a plurality of potential vulnerabilities;
said first information associated with the plurality of actual vulnerabilities being based on the second information associated with the plurality of potential vulnerabilities, at least in part as a result of a determination that one or more of a plurality of devices is actually vulnerable based on the second information and at least one of an operating system or an application;
based on the first information, display one or more options for selection by at least one user to cause utilization of one or more different occurrence mitigation actions; and
cause utilization of the one or more different occurrence mitigation actions in connection with one or more of the plurality of actual vulnerabilities, the different occurrence mitigation actions including:
a firewall-related occurrence mitigation action that includes sending a firewall update resulting in utilization of a firewall feature for preventing an actual vulnerability addressed by the firewall update from being taken advantage of in response to identification of an occurrence capable of taking advantage of the actual vulnerability addressed by the firewall update, and
an intrusion detection or prevention system-related occurrence mitigation action that includes sending an intrusion detection or prevention system update resulting in utilization of an intrusion detection or prevention system feature for preventing an actual vulnerability addressed by the intrusion detection or prevention system update from being taken advantage of in response to identification of an occurrence capable of taking advantage of the actual vulnerability addressed by the intrusion detection or prevention system update;
the display of the one or more options including:
displaying a first option corresponding to the firewall-related occurrence mitigation action utilizing a first user interface element, and displaying a second option corresponding to the intrusion detection or prevention system-related occurrence mitigation action utilizing a second user interface element;
wherein the instructions, when executed by the one or more processors, cause the one or more processors to:
in automatic response to the identification of the occurrence capable of taking advantage of the actual vulnerability addressed by the firewall update, prevent the actual vulnerability addressed by the firewall update from being taken advantage of, utilizing the firewall feature; and
in automatic response to the identification of the occurrence capable of taking advantage of the actual vulnerability addressed by the intrusion detection or prevention system update, prevent the actual vulnerability addressed by the intrusion detection or prevention system update from being taken advantage of, utilizing the intrusion detection or prevention system feature.
Abstract
A system, method, and computer program product are provided for identifying a first and second occurrence in connection with at least one of the networked device. In use, it is possible that it is determined that the at least one actual vulnerability of the at least one networked device is capable of being taken advantage of by the first occurrence identified in connection with the at least one networked device. Further, it is also possible that it is determined that the at least one actual vulnerability of the at least one networked device is not capable of being taken advantage of by the second occurrence identified in connection with the at least one networked device. To this end, the first occurrence and the second occurrence are reported differently.
17 Claims
16. A system, comprising:
an intrusion prevention system component including hardware circuitry capable of accessing at least one data structure identifying a plurality of mitigation techniques that mitigate effects of attacks that take advantage of vulnerabilities, such that:
each mitigation technique is capable of mitigating an effect of an attack that takes advantage of a corresponding vulnerability,
each mitigation technique has a mitigation type including at least one of a patch, a policy setting, or a configuration option,
at least two of the mitigation techniques are capable of mitigating an effect of an attack that takes advantage of a first one of the vulnerabilities, and
said at least two mitigation techniques configured for occurrence mitigation by preventing advantage being taken of actual vulnerabilities and include a first mitigation technique of a firewall-based occurrence mitigation type that utilizes a firewall action for at least mitigating the attack that takes advantage of the first one of the vulnerabilities and a second mitigation technique of an intrusion prevention system-based occurrence mitigation type that utilizes a real-time intrusion prevention action for at least mitigating the attack that takes advantage of the first one of the vulnerabilities;
said intrusion prevention system component configured for:
based on the first information, causing a display, via at least one display device, of one or more options for selection by a user to cause utilization of at least one of the at least two mitigation techniques;
receiving a selection of at least one of the at least two mitigation techniques; and
automatically applying the selected at least one of the at least two mitigation techniques utilizing a communication between a server and client code supporting the intrusion prevention system component;
wherein the system is configured to:
in the event that the selected at least one mitigation technique includes the first mitigation technique, automatically apply the first mitigation technique, by sending a first communication that results in at least mitigating the effect of the attack that takes advantage of the first one of the vulnerabilities in response thereto; and
in the event that the selected at least one mitigation technique includes the second mitigation technique, automatically apply the second mitigation technique, by sending a second communication that results in at least mitigating the effect of the attack that takes advantage of the first one of the vulnerabilities in response thereto.
Specification